Hello,
NIIBE Yutaka wrote:
> I encountered this exact issue when I did an experiment for DHKEM(X25519,
> HKDF-SHA256). Currently, it computes the public key from the secret key.
>
> My experiment is here:
>
> https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Fkem2/
>
> This is the branch on top
On Mon 2023-11-20 09:28:49 +0100, Simon Josefsson via Gcrypt-devel wrote:
> One common solution to that problem is to include the public key in the
> data array holding the private key. The SNTRUP761 implementations I've
> worked with do that by default, and I thought it was a fairly common
> de
One common solution to that problem is to include the public key in the
data array holding the private key. The SNTRUP761 implementations I've
worked with do that by default, and I thought it was a fairly common
design pattern.
/Simon
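The design point discussed in this thread, shown for DHKEM(X25519, HKDF-SHA256) as an added example that is not part of any message here and is not libgcrypt code: RFC 9180 decapsulation hashes the recipient public key into the KDF context, so the key passed to decapsulation either carries the public key or forces a recomputation. The function names, the 64-byte `sk || pk` blob layout and the sample keys are assumptions made for illustration.

```python
import hashlib, hmac

P, A24 = 2**255 - 19, 121665
G = (9).to_bytes(32, "little")                # X25519 base point
SUITE = b"KEM" + (0x0020).to_bytes(2, "big")  # RFC 9180 suite_id for this KEM

def x25519(k, u):
    """RFC 7748 Montgomery ladder; not constant-time, illustration only."""
    s = bytearray(k); s[0] &= 248; s[31] = (s[31] & 127) | 64
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def extract_and_expand(dh, kem_context):
    if dh == bytes(32):                       # RFC 9180 rejects all-zero DH output
        raise ValueError("invalid X25519 shared secret")
    prk = hmac.new(bytes(32), b"HPKE-v1" + SUITE + b"eae_prk" + dh, hashlib.sha256).digest()
    info = (32).to_bytes(2, "big") + b"HPKE-v1" + SUITE + b"shared_secret" + kem_context
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # one HKDF-Expand block

def encap(pk_r, sk_e):
    enc = x25519(sk_e, G)                     # ephemeral public key is the ciphertext
    return extract_and_expand(x25519(sk_e, pk_r), enc + pk_r), enc

def decap(enc, key_blob):
    """key_blob is 32-byte sk, or 64-byte sk || pk (assumed layout)."""
    sk = key_blob[:32]
    # Without a stored pk, decapsulation pays for a second scalar multiplication.
    pk = key_blob[32:] if len(key_blob) == 64 else x25519(sk, G)
    return extract_and_expand(x25519(sk, enc), enc + pk)

# Constructed sample keys, not test vectors from any specification.
SK_R, SK_E = bytes(range(1, 33)), bytes(range(33, 65))
PK_R = x25519(SK_R, G)
SS, ENC = encap(PK_R, SK_E)
```

A stored public key that does not match the secret key makes `decap` derive a different shared secret without any error, so code that imports an `sk || pk` blob should check that the two halves belong together.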
Falko Strenzke writes:
> There is another point to consid
Hello,
Falko Strenzke wrote:
> There is another point to consider for the design of a generic KEM API:
> the use of the public in the key derivation, which makes it necessary to
> pass the public key to the decapsulation function if one doesn't want to
> run the computation of the public key f
There is another point to consider for the design of a generic KEM API:
the use of the public in the key derivation, which makes it necessary to
pass the public key to the decapsulation function if one doesn't want to
run the computation of the public key from the private key in the
decapsulati